[IntelMQ-users] Modify expert get the value of data

Wed Oct 19 11:01:47 CEST 2022

Why don't you save the decoded value in "msg[data]" (whatever that is)
in the first place?

On 10/19/22 10:59 AM, Guillaume GRANJON DE LEPINEY via IntelMQ-users wrote:
>
> I must have misspoken. What I want to do is that I have base64 encoded
> data in my msg.data and I want to modify my source.url in the modify
> expert to have XXXX={msg[data]} in decoded version.
>
>  
>
> Today when I do this on the modify expert, it gives me:
>
> XXXX=YmFzZTY0ZGF0YQ==
>
>  
>
> while I would like:
>
> XXXX=base64data
>
>  
>
>  
>
> All this without modifying the rest of my configuration, I know I
> could add a temporary field in harmonization.conf that contains my
> decrypted data, but I don't find it very clean.
>
>  
>
> Regards,
>
> Guillaume
>
>  
>
> *De :*Mika Silander <mika.silander at csc.fi>
> *Envoyé :* mercredi 19 octobre 2022 10:53
> *À :* intelmq-users at lists.cert.at
> *Cc :* Guillaume GRANJON DE LEPINEY <ggranjon at excellium-services.be>
> *Objet :* Re: [IntelMQ-users] Modify expert get the value of data
>
>  
>
>
> 	
>
> You don't often get email from mika.silander at csc.fi
> <mailto:mika.silander at csc.fi>. Learn why this is important
> <https://aka.ms/LearnAboutSenderIdentification>
>
> 	
>
> Hi Guillaume,
>
>  
>
>  Not entirely sure as to why you need to decode parts of your Modify
> expert's configurations, but in intelmq/lib/utils.py you have the
> base64_encode and base64_decode functions that may be of use to you.
>
> Testing and experimenting what decoded and encoded data looks like can
> also be achieved on the command line, e.g. (on Ubuntu with the base64
> executable provided by the coreutils package):
>
>  
>
> echo "a text sample" | base64 | base64 -d -
>
>  
>
> gives
>
>  
>
> a text sample
>
>  
>
>  I hope this helps.
>
>  
>
> Br, Mika
>
>  
>
> ------------------------------------------------------------------------
>
> *From: *"Guillaume GRANJON DE LEPINEY via IntelMQ-users"
> <intelmq-users at lists.cert.at <mailto:intelmq-users at lists.cert.at>>
> *To: *"intelmq-users at lists.cert.at
> <mailto:intelmq-users at lists.cert.at>" <intelmq-users at lists.cert.at
> <mailto:intelmq-users at lists.cert.at>>
> *Sent: *Wednesday, 19 October, 2022 11:28:31
> *Subject: *[IntelMQ-users] Modify expert get the value of data
>
>  
>
> Hello,
>
>  
>
> This may be a silly question, but I can't find the answer.
>
> Is it possible to get the decoded value (not base 64) of my data in a
> configuration file of the bot intelmq.bots.experts.modify.expert?
>
>  
>
> I would like to do something like that with the decoded value:
>
>  
>
> Regards,
>
>                                                                                                        
>
>
> *Guillaume GRANJON de LÉPINEY*| ggranjon at excellium-services.be
> <mailto:ggranjon at excellium-services.be> | PGP Key ID: 0xE2FD5ED1
> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpgp.circl.lu%2Fpks%2Flookup%3Fsearch%3D0xE2FD5ED1%26fingerprint%3Don%26op%3Dindex&data=05%7C01%7Cggranjon%40excellium-services.be%7Ca3ea354bfbba4c917b8508dab1af53c0%7C6fbe60251d0f498dae4423b34f048283%7C1%7C0%7C638017663871879706%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nxpQCH7aMResUacA8%2BXVVLi9u%2B%2B8xbz5KcsKa9ZR%2BjI%3D&reserved=0>
> *CERT-XLM* | cert at excellium-services.com
> <mailto:cert at excellium-services.com> | PGP Key ID: 0xD74E5AC0
> <https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpgp.circl.lu%2Fpks%2Flookup%3Fop%3Dvindex%26fingerprint%3Don%26search%3D0x67B311E5D74E5AC0&data=05%7C01%7Cggranjon%40excellium-services.be%7Ca3ea354bfbba4c917b8508dab1af53c0%7C6fbe60251d0f498dae4423b34f048283%7C1%7C0%7C638017663871879706%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=AbZwJGETGujbrPGAdr4X86B%2Fdbaxw9LZHshHzDWWH1I%3D&reserved=0>
>
>
> Excellium Services Belgium N.V. | Orion Bldg, Belgicastraat 13, B-1930
> Zaventem, Belgium
> Mobile: +32 4 71 98 57 65
>
> Emergency: +352 262 039 64 708 | emergency at excellium-services.com
> <mailto:emergency at excellium-services.com>| PGP Key ID: 0x42662EFE
> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexcellium-services.com%2Fassets%2FEMERGENCY_PKEY.asc&data=05%7C01%7Cggranjon%40excellium-services.be%7Ca3ea354bfbba4c917b8508dab1af53c0%7C6fbe60251d0f498dae4423b34f048283%7C1%7C0%7C638017663871879706%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=zc5o7E0M2056ZkfmXQOhjFbvc2ryBMeRTuzKcnZLLdg%3D&reserved=0>
>
> https://excellium-services.com/en/CERT-XLM/
>
> https://www.trusted-introducer.org/directory/teams/cert-xlm.html
>
> https://www.first.org/members/teams/cert-xlm
>
>  
>
> This email is confidential and may contain legally privileged
> information. If you are not the intended recipient, you should not
> copy, distribute, disclose or use the information it contains, please
> e-mail the sender immediately and delete this message from your
> system. Note: e-mails are susceptible to corruption, interception and
> unauthorised amendment; we do not accept liability for any such
> changes, or for their consequences. You should be aware that we may
> monitor your e-mails and their content. Excellium Services SA.
> -- 
> List settings:
>  https://lists.cert.at/cgi-bin/mailman/listinfo/intelmq-users
> IntelMQ Documentation: https://intelmq.readthedocs.io/
>
> This email is confidential and may contain legally privileged
> information. If you are not the intended recipient, you should not
> copy, distribute, disclose or use the information it contains, please
> e-mail the sender immediately and delete this message from your
> system. Note: e-mails are susceptible to corruption, interception and
> unauthorised amendment; we do not accept liability for any such
> changes, or for their consequences. You should be aware that we may
> monitor your e-mails and their content. Excellium Services SA.

Institute for Common Good Technology
gemeinnütziger Kulturverein - nonprofit cultural society
https://sebix.at/
ZVR 1510673578

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20221019/5e924f2f/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 6959 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20221019/5e924f2f/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20221019/5e924f2f/attachment.sig>